> If I understand well, a security entry with an allow-if-owner > element (like > the owner-only entry shiped with jetspeed distributions) allows the > specified actions to its owner. > > But who exactly is the owner of a portlet ? >
Once portlet can be added to your psml and it carries 'allow-if-owner' via its registry definition, you become the 'owner' of the portlet reference contained in your psml only (i.e. if someone else attempts to reference it directly via its peid, they will be denied access to it). You can override this by customizing the portlet and setting it security ref to something else (and if you're not careful, you can lock yourself out of accessing this portlet - by assigning it something like 'admin-only', for instance). Hope this makes sense. Best regards, Mark Orciuch - [EMAIL PROTECTED] Jakarta Jetspeed - Enterprise Portal in Java http://jakarta.apache.org/jetspeed/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
